[apparmor] [PATCH 2/3] Fix @{profile_name} variable to not be a fqname

Steve Beattie steve at nxnw.org
Fri Jul 10 23:57:06 UTC 2015


On Wed, Jun 17, 2015 at 04:21:12AM -0700, John Johansen wrote:
> The @{profile_name} is incorrectly expanded as a fully qualified path
> including its namespace if one was specified in the profile declaration.
> 
> i.e.
>   profile :ns://a {
>      ptrace @{profile_name},
>      # expands to
>      # ptrace :ns://a,
> }
> 
> This is wrong however because within a profile if a rule refers
> to a namespace it will be wrt a sub-namespace.  That is in the above
> example the ptrace rule is referring to a profile in a subnamespace
> "ns".
> 
> Or from the current profile declaration scope
>  :ns//ns://a
> 
> Instead @{profile_name} should expand into the hname (hierarchical name),
> which is the profile hierarchy specification within the namespace the
> profile is part of.
> 
> In this case
>     a
> 
> or for a child profile case
>   profile :ns://a {
>      profile b {
>         ptrace @{profile_name},
>   }
> }
> 
> the hname expansion would be
>   a//b
> 
> Signed-off-by: John Johansen <john.johansen at canonical.com>

Again, with Christian's changes applied,
Acked-by: Steve Beattie <steve at nxnw.org>. Thanks!

-- 
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
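
Added example, not part of the original message or of the apparmor_parser source: a small Python model of the @{profile_name} expansion the commit message describes, run over a constructed policy that contains both of its cases. The function name, the simplified declaration regex and the old-behaviour value for the child profile (:ns://a//b, by analogy with the :ns://a shown above) are assumptions.

```python
import re

# Constructed sample policy combining the two cases from the commit message.
SAMPLE = """\
profile :ns://a {
   ptrace @{profile_name},
   profile b {
      ptrace @{profile_name},
   }
}
"""

# Simplified declaration syntax (assumption): "profile [:ns://]name {"
DECL = re.compile(r"^\s*profile\s+(?::(?P<ns>[^:/\s]+)://)?(?P<name>\S+)\s*\{\s*$")


def expand_profile_name(policy, fixed=True):
    """Return each rule with @{profile_name} expanded.

    fixed=True  -> hname: the profile hierarchy inside its namespace (a, a//b)
    fixed=False -> fqname: namespace prefix included, the behaviour being fixed
                   (the child value :ns://a//b is an assumption by analogy)
    """
    stack, ns, rules = [], None, []
    for raw in policy.splitlines():
        line = raw.strip()
        decl = DECL.match(raw)
        if decl:
            if decl.group("ns"):
                if stack:
                    raise ValueError("namespace on a child profile is not modelled")
                ns = decl.group("ns")
            stack.append(decl.group("name"))
        elif line == "}":
            if not stack:
                raise ValueError("unbalanced closing brace")
            stack.pop()
            if not stack:
                ns = None  # left the top-level profile, namespace no longer applies
        elif line and not line.startswith("#"):
            if not stack:
                raise ValueError("rule outside of a profile block")
            hname = "//".join(stack)
            value = hname if fixed or ns is None else f":{ns}://{hname}"
            rules.append(line.replace("@{profile_name}", value))
    if stack:
        raise ValueError("unterminated profile block")
    return rules
```

With fixed=False the ptrace rule names a peer in a sub-namespace "ns" of the profile's own namespace, which is the mismatch the patch removes.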